A new Booking.com‑themed phishing campaign is abusing trust in travel brands to steal money and sensitive data from both hotels and guests. The scheme can start as a service message, but it can end with payment fraud and card exposure.…
Tag: Cyber Security News
New ‘Foxveil’ Malware Loader Leverages Cloudflare, Netlify, and Discord to Evade Detection
A new malware loader called “Foxveil” has been discovered actively targeting systems through legitimate cloud platforms, raising concerns about how threat actors are weaponizing trusted services to bypass security measures. The malware has been operational since August 2025 and has…
Notepad++ v8.9.2 Released with “Double-Lock” Update Mechanism Following Recent Hack
The widely used open-source text and code editor has released version v8.9.2, introducing a major security enhancement known as the “Double-Lock” update mechanism. This update addresses vulnerabilities that were exploited in a recent state-sponsored attack targeting the application’s update infrastructure. Last month, Notepad++’s…
Microsoft VS Code Extension with 11M Downloads Expose Developers to One-Click XSS Attacks
A critical vulnerability discovered in Microsoft’s popular Visual Studio Code (VS Code) Live Preview extension, downloaded over 11 million times, exposes developers to one-click cross-site scripting (XSS) and local file exfiltration attacks. The flaw, now patched, was discovered by researchers Nir Zadok and Moshe Siman Tov Bustan from OX Security.…
CISA Warns of Google Chromium 0-Day Vulnerability Actively Exploited in Attacks
An urgent warning regarding a newly discovered zero-day vulnerability in Google Chromium, which is reportedly under active exploitation in the wild. The vulnerability, tracked as CVE-2026-2441, affects Chromium’s CSS (Cascading Style Sheets) engine and can enable remote attackers to execute arbitrary…
New Malware Campaign ‘CRESCENTHARVEST’ Exploits Iran Protest Sentiment to Deploy Information-Stealing RAT
A sophisticated new malware campaign named ‘CRESCENTHARVEST’ has surfaced, strategically exploiting the geopolitical unrest in Iran to target dissidents and protest supporters. This cyberespionage operation leverages social engineering to deploy a dual-purpose threat capability, functioning as both a remote access…
Critical Windows Admin Center Vulnerability Allows Privilege Escalation
A critical security update addressing a high‑severity elevation of privilege vulnerability in Windows Admin Center (WAC), identified as CVE‑2026‑26119. The flaw, rated CVSS 8.8 (Critical), stems from improper authentication (CWE‑287) that could allow an authorized attacker to gain elevated network privileges. According to Microsoft, this…
Credit Card Fraud Emerges with a New Sophisticated Carding-as-a-Service Marketplaces
Credit card fraud has persisted despite global mitigation efforts, evolving from scattered illegal trades into a highly organized Carding-as-a-Service (CaaS) economy. This underground structure now mirrors legitimate online marketplaces, providing criminals with streamlined access to stolen payment data, specialized tools,…
Threat Actors Advertising New ‘ClickFix’ Payload That Stores Malware within Browser Cache
Cybersecurity researchers have uncovered a new iteration of the ‘ClickFix’ social engineering campaign, which now employs a sophisticated technique to evade detection by storing malware directly within a victim’s browser cache. This evolution represents a significant and dangerous shift in…
Matanbuchus 3.0 Returns with ClickFix Social Engineering and Silent MSI Installations to Deploy AstarionRAT
Matanbuchus, a premium Malware-as-a-Service loader, has resurfaced in February 2026 following a nearly year-long hiatus. This latest iteration, version 3.0, features a complete code rewrite and now commands a subscription fee of up to $15,000 per month, a stark increase…
Dell 0-Day Vulnerability Exploited by Chinese Hackers since mid-2024 to Deploy Malware
A critical zero-day exploitation campaign targeting Dell RecoverPoint for Virtual Machines. The vulnerability, tracked as CVE-2026-22769, carries a maximum CVSSv3.1 score of 10.0 and has been under active exploitation since at least mid-2024. Incident response engagements attribute this activity to…
Cybercriminals Leverage Atlassian Cloud for Spam Campaigns Redirecting Targets to Fraudulent Investment Schemes
Cybercriminals have launched a sophisticated spam campaign leveraging the trusted infrastructure of Atlassian Cloud. By abusing legitimate features within the platform, attackers are effectively bypassing traditional email security controls to reach high-value targets. This campaign focuses on redirecting users to…
DigitStealer Gains Attention as macOS-Targeting Infostealer Exposes Key Infrastructure Weaknesses
DigitStealer, a sophisticated information-stealing malware targeting macOS systems, has recently surged in activity, drawing significant attention from the cybersecurity community. First emerging in late 2025, this malicious software specifically targets Apple M2 devices, distinguishing itself from generic threats. It operates…
Malware in the Wild as Malicious Fork of Legitimate Triton App Surfaces on GitHub
A malicious fork of the legitimate macOS application Triton has surfaced on GitHub, exploiting open-source repositories to distribute malware. The fraudulent repository, created under the account “JaoAureliano,” appeared as a copy of the original Triton app developed by Otávio C.…
QR Codes Used to Spread Phishing Attacks and Malicious Apps Across Mobile Devices
QR codes have become a normal way to open links, pay bills, and sign in, but that same speed lets attackers push victims from the physical world into a risky web page or app action in seconds. In recent campaigns,…
How CISOs Can Prevent Incidents with the Right Threat Intelligence
Somewhere right now, a threat actor is testing the perimeter of a company that believes it is well-defended. The organization has a firewall, an EDR solution, and a SIEM generating thousands of alerts per day. It also has a SOC team working two-shift rotations. And yet, within hours or days, an initial foothold will become lateral movement, lateral movement will become data exfiltration, and exfiltration will become a regulatory notification, a board presentation, and a headline. The Breach Is Already in Motion. Are You? The problem is rarely effort. It is timing and intelligence. By the time most organizations detect an active intrusion, the average dwell time is still measured…
Threat Actors Attacking OpenClaw Configurations to Steal Login Credentials
Cybercriminals have discovered a new attack surface in the world of personal AI assistants. Recent investigations show that infostealers now target OpenClaw configuration files to steal sensitive authentication credentials and personal data. This marks a dangerous evolution in malware behavior,…
Critical “Log Poisoning” Vulnerability in OpenClaw AI Agent Allows Malicious Content Injection
OpenClaw, a fast-rising open-source AI assistant designed to connect to messaging, cloud services, and local system tools, has patched a “log poisoning” weakness that could let remote attackers inject malicious, user-controlled content into logs that the agent may later ingest.…
EU Parliament Blocks AI features on Corporate Devices Over Cybersecurity Concerns
The European Parliament has disabled built‑in artificial intelligence (AI) features on corporate devices used by lawmakers and staff, citing unresolved cybersecurity and data protection risks. The decision targets AI tools embedded in tablets and phones, while leaving essential apps such…
India’s Largest Pharmacy Exposes Customer Personal Details and Access to Internal Systems
A major vulnerability discovered on the platform of a division of Zota Healthcare exposed sensitive customer and internal system data due to insecure “super admin” APIs. The issue, uncovered by Eaton–Works, allowed anyone to create a privileged super admin account and take full…